If you receive errors when attempting to view this white paper, please install the latest version of
Adobe Reader.
"This document helps executives in
midsize life sciences companies understand
their technology-based business needs and the options they have for addressing them. As an executive in a
midsize life sciences company, you need to balance the capabilities of
ERP systems with both economic
restrictions and alternative, human-based approaches."
Source : Microsoft
ERP Issues for the Midsized Life Sciences Company
Life Sciences is also known as :
Life Science Companies,
Life Sciences Industry,
Life Sciences Trade Network,
Life Sciences Community,
Life Sciences Definition,
Life Sciences Research,
Life Sciences Library,
Life Sciences Database,
Life Science Skills,
Life Sciences,
Life Science Companies,
Life Sciences Industry,
Life Sciences Trade Network,
Life Sciences Community,
Life Sciences Definition,
Life Sciences Research,
Life Sciences Library,
Life Sciences Database,
Life Science Skills,
Life Sciences Software,
Life Sciences Data Archive,
Life Science Products,
Life Science Project,
Life Science Definition,
Life Science Worksheets,
Life Science Resources,
ERP Issues,
ERP Business Issues.
Forward
The mid-sized life science company has most of the same business requirements and
all the regulatory issues of a large life science company. However, the mid-sized life
science company has fewer resources at its disposal to address these issues. While
most enterprise resource planning (ERP) companies have made their name by providing
solutions to large companies, only a few have flourished in the life science industries, and
even fewer by meeting the needs of the mid-sized life science businesses.
The objective of this document is to help executives in mid-sized life science companies
understand their needs and options they have for addressing them. As an executive in
a mid-sized life science company, to satisfy your requirements, you need to balance the
capabilities of ERP systems with both economic restrictions and alternative, humanbased
approaches. Larger companies can justify levels of automation that are not
economically viable for the mid-sized company, as the larger company can extend a
solution over many business units and higher business volumes. Compliance strategies
that allow you to balance risk with cost will be explored, in addition to the process and
consideration of selecting a solutions supplier.
Mid-Market Life Science Enterprise Realities
What makes your ERP requirements difficult for most vendors to satisfy? When it comes
to administrative applications, such as financial requirements, your company's needs
are similar to those of a company in any industry. As a life science company, you do
have operational differences from other manufacturing companies, in areas such as
production, supply chain and inventory.
And, of course, you have regulatory requirements unlike any other industry. As a life
science company you must be committed to compliance. Compliance is not optional; it is
a cost of doing business.
However, compliance is not absolute. It is ambiguous, evolutionary and defined by
interpretation. The challenge is managing compliance risks and compliance cost. For the
mid-sized life science company, the questions are:
- What do you need?
- What can you afford?
Part 11, Opportunity Or Challenge?
21 CFR Part 11 specifies additional controls for electronic records and electronic
signatures. Is Part 11 an opportunity or a challenge? The answer to this question is, "it
depends." If you see Part 11 as a requirement that must be met, it will be a challenge. If
you see Part 11 as a way to improve internal business processes, it will be an opportunity.
The FDA is permitting manufacturers to benefit from emerging technologies to streamline
record keeping and compliance. This technology can increase the usability of the
information gathered by integrating both business processes and audit functions, without
compromising the quality of regulatory compliance.
The opportunity can be significant. Life Science companies should see Part 11 as an
opportunity to improve business practices. Benefits may include:
- Lowered cost of data collection
- Increased accuracy of data
- Increased data analysis capabilities
- Reduction of regulatory errors (misfilings, for example)
- Improved control over production, quality and other processes
- Quicker search of electronic records
- Improved information transfer between departments (for example - operations and
quality)
- Improved information transfer between companies (for example - an external research
organization and the sponsoring enterprise)
- Improved product recall
Why is Part 11 an opportunity? It allows a life science company to benefit from many of
the technologies that have proven themselves in many other industries. It also can lower
your long-term cost of compliance.
Compliance Strategy
The FDA regulations are not a fixed target. Compliance is a key objective for any regulated
company, but the requirements to meet this objective are subjective, based upon product,
production processes and, perhaps most importantly, your tolerance for risk. Regulatory
risk is the risk of being found out of compliance. If you accept very limited risk, your cost
of compliance will be high. With more risk, compliance cost is reduced but the potential
cost of non-compliance increases.
Executive management has the responsibility for setting the organization's risk tolerance
and allocating the required resources to satisfy that tolerance. Your compliance team,
made up of individuals responsible for aspects such as quality and legal, needs to set the
regulatory strategy for your company based upon an interpretation of the regulations relative
to your specific situation, balancing the cost of compliance with the cost of noncompliance.
Cost vs. Risk
When reviewing compliance cost, the total cost of ownership
is an important consideration. These include one-time
costs to initiate the system plus continuing operational and
maintenance costs. One-time costs include implementation,
training, acquisition of any equipment or software involved,
and validation. Continuing costs include personnel, continuing
training, and maintenance of any hardware or software utilized.
Continuing costs also include the effort to keep the compliance
system in synch with evolving Standard Operating Procedures
(SOPs). The computer component of the compliance system
will need to be evolved with the SOPs. There are two ways
in which alteration of the computer component would have
a major impact. First is the cost of the effort itself -- does
making a change require a day or a week or several months
of effort? Second, and perhaps more important, is the time lag between the decision to
change the SOPs and having the system ready to support the changed SOP. If this lag is
significant, it can seriously impact your ability to improve operations.
The costs of non-compliance are those costs that would be incurred if you were found to
be out of compliance, factored by the risk of being found out of compliance. The cost of
non-compliance can include additional inspections, lost production, unsellable product,
recalls, plant shut downs, fines, or even jail time for executives.
Public relations can be uncontrollable and costly. The media may decide to feature your
non-compliance, regardless of how serious the problem may be. What will be the impact
on your brand and what that brand means to your success? The financial impact of noncompliance
on a mid-market business has the potential to be catastrophic, and could
cause the small manufacturer to go out of business.
People vs. Systems
Compliance will always be a mix of automation and people. The proper balance of
automation with paper records and human capital keeps costs under control and
yields a flexible but controlled set of procedures. These two extremes both have their
characteristics and costs.
Computers do a great job of handling repetitive tasks and organizing, storing and
retrieving standard documents. People do a great job of handling exceptions. Evaluation
of the characteristics of operations and products will reveal the mix of standard versus
exceptional circumstances. The most effective procedures will allow computer systems to
assist in repetitive operations while integrating manual or semi-manual approaches for
exceptions. Exceptions should be captured in digital form to facilitate, where feasible, the
storing and retrieving of documents.
Information systems can lower the people cost but generate costs
of their own. People and information systems must be balanced
to yield the correct level of compliance at the appropriate
cost. Remember, compliance is not about computers; it is
about procedures that involve many elements, one of which is
computers.
At the extremes, the balance between automation and people
could result in a compliance system that is 100 percent manual
or 100 percent automated. The 100 percent manual option has
been used for years and has proven acceptable in many cases.
That option still exists and should never be ignored. However, leveraging the strengths of
automation can lower the total cost of compliance and should be part of the compliance
strategy. A compliance system that is 100 percent automated is neither achievable
nor practical. The practical zone ranges from a system that is 100 percent people
to a system that is automation-based with people feeding the system and handling
exceptions.
For mid-sized companies, the appropriate balance between people and systems typically
leverages automation to handle normal and repetitive situations and relies on people for
variations. Automation cost is usually an issue with these companies; therefore, tradeoffs
are often made to allow automation to support people-based systems. For example,
a company may opt for a fully automated system, with workstations at each step of the
production process to record compliance information; another company may rely on
hard copy shop packets with compliance information captured on paper and selected
information entered into an automated system at the completion of production.
Remember, compliance
is not about computers; it
is about procedures that
involve many elements, one
of which is computers.
Understanding Vendors
All companies have target markets. Vendors cannot afford to target every market -- some
trade-offs must exist. In attempting to target the life science industry, most ERP vendors
have chosen breadth over compliance depth. The ideal vendor will have the breadth of
function you will need today and in the future. More importantly, the vendor will offer the
regulatory depth required to match your regulatory strategy.
Vendors also define their target markets in terms of the size
of the intended customer-large, mid-sized or small. The
majority of vendors and most of the "big name" vendors
started with a target of large (Fortune 1000 or maybe even
Fortune 100) companies. Therefore, they correctly built the
needs of these large target companies into their software.
In these products we see many multi-division, multinational,
multi-site tools. We see a focus on standard processes across the extended
business. While these tools are very important to large companies, they can present an
extra burden to the mid-sized company.
How should a life science company evaluate ERP vendors and their solutions? The focus
of your search should be on what differentiates your business - those things that, if not
taken care of, can be called fatal flaws. A fatal flaw is not a reflection of your business; it
is a potential shortcoming on the part of an ERP package in an area where, if functionality
is lacking, your implementation will fail. The vendor's flaw will be fatal to your success.
Fatal flaws are usually limited to a very small part of the vendor's total product, but that part is absolutely necessary for success. Typically, fatal flaws are found in the operational
areas of the business and, for life science companies, cGMP and Part 11 compliance.
Therefore, most of your attention should be focused on those areas.
Microsoft Great Plains and Merit Solutions
The Microsoft Great Plains and Merit Solutions focuses on the mid-sized life science
company. The solution provides business software for life sciences companies requiring
FDA cGMP compliance, supporting a range of compliance strategies. As appropriate to
the mid-sized company, the solution supports the people rather than forcing the people
to support the system. The solution allows companies who must adhere to the stringent
data validation, security and process integrity requirements mandated by the FDA to
leverage the power of Microsoft's integrated business systems.
The Microsoft Great Plains and Merit Solutions approach is an attempt to take the best from
both sources. Microsoft provides a broad array of applications that are appropriate for most
companies. Microsoft built these applications using an architecture that is appropriate for
the extension or the creation of complementary solutions by either end-user companies or
application providers. Merit has leveraged this architecture, and its knowledge of the needs
of a life science company to yield a solution specifically for life science companies.
Life sciences specific functionality from the Microsoft Great Plains and Merit product set
includes areas such as:
- Part 11 Audit Trails
- Electronic Signatures
- Password and Login Controls
- Quality Material Management
- Adverse Event Reporting
- Batch and Lot Records Management
- Advanced Lot and Serial Track and Trace
- Product Life-Cycle Management
Potential Fatal Flaws - Compliance and Software
For many vendors, you will find that their fatal flaws are related to production and
compliance issues. These combined issues impact inventory and production areas as
covered by cGMP and Part 11.
Are meeting Part 11 requirements necessary for compliance? No. Under Part 11, the use
of electronic records is optional. Therefore, your compliance strategy will dictate the need
for Part 11 functions in your ERP system. ERP function deals with cGMP for all life science
companies, and this will always demand a close look during the evaluation process.
Part 11
Since many companies will want to undertake Part 11 compliance to minimize total cost,
what are some of the fatal flaws related to Part 11?
ERP companies addressing Part 11 have approached it in one of two ways - as an
application issue or as an infrastructure issue.
With the application approach, the vendor decides which transactions demand Part 11
control. The prospective buyer's job is to make certain that the vendor's decisions are
workable given the company's regulatory strategy. Are all the points of interest covered?
If extra issues are addressed, can these be "turned off" to avoid excess and expensive
controls? If you change your strategy or SOPs, will the issues now covered still meet your
needs? The application approach may result in some trade-offs between the vendor's desire
to serve the life science market and the limitations of development priorities and funding.
With the infrastructure approach, the vendor enables Part 11 as part of the base system
and allows the user to implement Part 11 control at any point in the system that is
deemed necessary. The Part 11 functionality can be triggered on any file or transaction.
For example, if your compliance strategy is very conservative, you may want to implement
Part 11 control on granting or maintaining security profiles.
Merit has leveraged Microsoft's technology in adopting an infrastructure approach to
Part 11 compliance. The solution enables businesses to implement compliance features
(such as audit trails and electronic signatures) in a manner compliant with FDA 21
CFR Part 11 regulations and in a way that supports the organization's specific SOPs. It
provides audit trail tracking and reporting in all areas of the ERP system that are FDA
significant, including batch records, engineering changes, quality records, inventory status
transactions, process instructions and recording of results.
The infrastructure approach gives the business control over its approach to compliance.
For example, a hard-coded compliance solution might require an electronic signature
when signing off on a data entry to a batch record, even if the business keeps a paper
batch record. The Merit solution infrastructure approach would allow the business
to decide to eliminate the electronic control in that location because compliance is
maintained in a paper copy.
cGMP
The application functions of ERP address the cGMP regulatory issues. These issues and
the related fatal flaws can be organized as follows:
- Security
- Work Orders
- Transactions
- Inventory
- Lot Tracking
- Analysis
- Proof of Compliance
Electronic signatures are
considered to be systemrequired
authentification
cGMP - Security
If you choose to use electronic records, you must consider the security provided by the
system. Part 11 calls for a layered security with parameters that can include:
- User authentication (user name and password)
- Window access
- Transaction access (in some cases, transaction type restriction)
- Field level security
- In-process controls including dual password authorization and reason code capture
for certain transactions related to significant processes
- Automatic system time-outs
- Extra levels of system enforced control around certain significant processes, such as
quarantine material that must pass a material review board inspection before being
released as available
Security also varies with signatures. Electronic signatures are considered to be systemrequired
authentification, such as the input of a password or multiple passwords. Digital
signatures are authentifications that can also involve other human inputs, such as human
fingerprints, retinal scans or actual pen-stylus input of a written name. Common issues
include: How many electronic signatures does the system require for a transaction?
Can the number be determined by the company and be changed on a transaction-bytransaction
basis?
For transactions that relate to processes deemed "significant" by the FDA regulations, the
system must store information documenting the transaction and the signatures, including
before and after images of the data. The regulations specify what information must be
maintained for the signatures. The identity, time, date, location, device, and reason for
the data change must be stored for each signature. Regulations call for secure storage
and rapid retrieval of documents. Although not specially called for in the regulations,
the capability to assemble documents as outputs that can be printed and stored
electronically in standard formats, such as PDF or XML documents, is strongly advised.
Microsoft Great Plains provides a variety of advanced security options, including the ability
to assign security by user or user class. These security settings allow the administrator
to control which windows, modified windows, reports, modified reports and files any
individual can access. Effectively, this gives control over which types of transactions the
user can access based on the windows into which they are allowed access.
Field level security in Microsoft Great Plains allows you to apply a password or to make
a window or form unavailable. It also allows you to apply password protection to specific
fields and even lock them or hide them from the user's view.
Merit Solutions extends the advanced security options available in Microsoft Great Plains
by adding the ability to ensure that passwords contain a combination of letters, numbers
and symbols. The security can also be set to restrict the hours of system use so that a
user can only access the software during allowed time periods.
cGMP - Work Orders
The manufacturing work order is a primary regulatory focus. This document ties together
the information related to production. The work order should be integrated with all lot
and/or serial number information from procurement to customer delivery. The work order
must include all resources involved in production including materials, people, locations,
and equipment. The work order is the primary collection point for production-related
regulatory information and is usually a focus of regulatory attention.
cGMP - Transactions
Any and all transactions that relate to business processes deemed "significant" by the
FDA regulations must be considered part of regulatory requirements. This generally
includes transactions that span the material life cycle from procurement to customer
shipment. Audit records for transactions related to significant processes must include
the person, location, equipment used, time and date stamp, and before and after data
values. This data must be organized for retrieval and retention. Since the transaction
audit database is constantly growing with ongoing transaction processing, the size and
management of the database is a major issue. The architecture of the Part 11 Audit
system must be designed to efficiently manage a large transaction information database,
and to do so within a "closed system environment" as defined by the regulation. Proper
system architecture for a Part 11 Audit includes:
- The ability to track only the data for the transactions that support processes in your
business deemed "significant," and not for transactions supporting processes that
are not "significant." If the whole application (all transactions) is audited, the audit
database size will be monumental and difficult to maintain and administer. It will also
have a clutter factor that makes it difficult to use.
- An audit database that is distinct and separate from the production database. This
is important because the sheer size of a self-updating audit database can quickly
impact production performance of an ERP system. A separate database also allows
much tighter and more specific controls around the audit database without restricting
the levels and types of controls necessary for the production database to function.
- A search capability, usable by non-technical employees, that is powerful enough to
enable the quick search and assembly of past transaction records. This includes the
ability to search by multiple parameters across selective time periods. It must be
user accessible to support timely assembly of transaction history in a situation where
company officers must substantiate evidence of SOP compliance.
The Merit Solutions audit trail is unique in that it was designed from the ground-up with
the specific goal of supporting 21 CFR Part 11 compliance. Some of its Part 11 specific
design features are:
- Audit trail is maintained in a separate audit database. This facilitates easy backup
of the growing audit trail, and even allows the audit database to be placed on a
separate hard drive for performance.
- Audited transactions and records are maintained in "mirror" copies of their original
tables. This makes reassembly of records, and reporting, much easier to accomplish
versus the common one-table design audit trail.
- Its own security system allows the administrator to grant specific users access to view
just some parts of the audit.
- The SQL-based audit captures all changes to the data regardless of the source. This
contrasts to an audit trail created by the ERP application, which would only capture
changes coming from the ERP software and not a change coming from a user directly
accessing the database.
cGMP - Inventory
Inventory information must be retained across the material life cycle. Lot information,
quantities, classifications (quarantined, approved, rejected, hold, etc.) and storage
locations must be maintained. It is recommended that the type of inventory (Active
Pharmaceutical Ingredient, or API, Inactive Ingredient or Manufacturing Materials) be
designated to assist in security, retention and retrieval.
Microsoft Great Plains allows you up to six user definable categories for inventory items in
order to specify types of inventory that make the most sense for your business. Inventory
can be stored in multiple locations so a company may use one location for quarantine but
other locations for material available for production.
cGMP - Recall/ Lot Tracking
An extremely important function is recall. Also called lot tracking and tracing by the software
industry, recall must be error proof and must react quickly to your needs. The information
retained for recall and its retention and retrieval must reflect the wide variety of roles it must
play. It is suggested that both fast track retrieval methods and extremely flexible methods
be available for retrieval and analysis. The recall database size will become an issue.
Lots can be assigned to manufacturing orders either before or after production and
manufacturing orders can be pegged to specific sales orders. If a recall occurs, a user
simply needs to enter in the range of serial or lot numbers to be traced and the window
will show any transactions in the system that involved these serial or lot numbers
including, but not limited to, inventory receipts, sales orders and manufacturing orders.
cGMP - Proof of Compliance
System testing and validation specific to your deployment and system documentation
in accordance with your standard operating procedures are important aspects of
compliance. The underlying technology and architecture of the software should consider
the following factors:
- The ability to embed electronic versions of your standard operating procedures
within the software, in order to directly support and enable workers to operate in
accordance with the procedures. This object linking or embedding type of technology
can yield considerable savings in administration time when changing and updating
standard operating procedures.
- System enforced integrity. While basic and often assumed, some systems do not
enforce data or process integrity. If the software cannot be proven to produce
consistent, expected results, the company cannot pass validation testing, and the
software cannot be used.
- Compatibility with desktop technologies. A company must prove that its workers
understand and are operating in compliance with their standard operating
procedures. When moving to an integrated business system, the ability to prove the
workers' proficiency with the system becomes paramount. If the workers are already
familiar with the screens, user interface and basic operations of your ERP system,
based on their existing knowledge of desktop and productivity software used, the cost
and time to maintain their proficiency on the ERP system will be minimized.
Proof of compliance relies upon audit trails to organize the relative information. The
Microsoft Great Plains / Merit Solution's audit trails solution provides the ability to track,
trace and report any changes associated with any data in Microsoft Great Plains, and for
any data in third-party software or customized software resident within Microsoft Great
Plains. This includes information related to a change, such as time, date, and user, as
well as the "before" and "after" data values associated with a change.
Audit Trails is easily configured for tracking just the data required for each customer, and
is designed for efficient but controlled ongoing maintenance and administration.
But, what really sets Audit Trails apart is that it is developed completely within Microsoft
Great Plains and features the same user interface. This allows for easy adoption by your
employees, and ensures technical stability and ongoing compatibility.
Audit Trails gives you an easy to use, complete track and trace capability
The software can operate with closed-looped controls, or as a "closed system", as required
by many companies when using an Audit Trails system.
Using Audit Trails, life sciences companies can adhere to the stringent data validation,
security and process integrity requirements mandated by the Food and Drug
Administration (FDA), including those requirements specified in regulation 21 CFR Part 11.
Some aspects of the Merit Solutions compliance offering that are compelling for the midsize
life science company include:
- The ability to track data for all transactions and all tables within Microsoft Great Plains or internally resident customizations or third-party software
- The ability to be configured to track just the transactions and data deemed significant
by the customer, contributing to ease of maintenance and the lowest impact on
hardware performance and database size
- Technology and user interface that is the same as Microsoft Great Plains.
- Fast and easy access to any audit information, including the ability to narrow the data
views down based on multiple sort criteria
- Adherence to FDA CFR 21 Part 11, including before and after transaction data values,
and operation as a "closed system".
Additional functionality to support your compliance strategy
SOPs can be supported in a variety of ways within Microsoft Great Plains. For
organizations that manufacture medical devices, drawings can be attached to items so
that everyone has easy access to technical specifications.
Any organization that must adhere to SOPs will appreciate the ability to attach notes and
other types of files to master records such as bills of material or recipes, routes at the
individual sequence level, and work centers. These notes can be text files that outline
SOPs, drawings, and even video clips describing the appropriate procedure to follow.
Other areas of functionality provided by Microsoft Great Plains that may be appreciated by
the life sciences organization include:
Human Resources: In the Microsoft Great Plains human resources application, you can
assign skills to workers. You can also assign skills to work centers in manufacturing
denoting which skills or certifications are required to work at a work center. Even without
the human resources module installed, a drill-down into the activity on any manufacturing
order will show a history of the employees who worked on an order and at which work
center.
Revision history for bills of material or recipes: You can save bills of material revisions
to history, and you can view all revisions along with the details of the bills of material
structure for that revision, the date changed, and the User ID that initiated the change.
Microsoft Great Plains Engineering Change Management: This will allow any user in
the system to suggest a change to a bill of materials or a process to help ensure an
environment of continuous improvement. The reason for the change as well as the
anticipated impact can be recorded as well. These changes are routed through predefined
approval steps and once a change is made, the revision number is updated and a history
of the change is kept in the system.
For organizations that don't need the advanced functionality provided by Engineering
Change Management, a history of revisions can still be kept when changes are made
through the bill of materials maintenance screen.
What Your Software Vendor and/or Your System Integrator
Should Supply Beyond Software
The ERP software must be specifically tested and validated for your company's use.
Once your SOPs are developed and documented, system validation is largely a function
of performing documentation tests of your processes within the software to prove that it
acts in the expected manner. It is important that your vendor, and your system integrator
if someone other than your vendor implements the software, offer the following:
- A deep understanding of the FDA regulations with which you must comply. If your
vendor or system integrator doesn't understand the requirements born out of the
regulations, it will be very difficult to successfully deploy a validated system.
- Pre-built validation tools. Your business will have its own unique processes and
therefore unique tests, but as much as 60 percent of the required tests may be
similar to those of other life science companies. If the vendor or system integrator
can bring pre-built tools that can be directly used or slightly modified for some of your
validation processes, the savings in consulting costs and time can be significant.
- Experience in deploying validated systems with other customers. There is simply no
substitute for this experience. It will save you time and money in your deployment.
- An understanding of the initial and ongoing change management aspects of
operating an ERP system in a regulated deployment. For example, each new version
requires new testing, and specific change management processes must be followed
to bring the new version online and into production.
- A deep understanding of the software, including the way the database is structured
and the way the code is designed to behave. This is required to support the testing
and validation process, and to support decision-making regarding which transactions
must be tracked at the Part 11 audit level in order to support your specific validated
deployment. Also, while you hope not to have to customize or extend the software,
it is important that your vendor or system integrator be able to support your needs
if you do. Customized software must be able to operate under the same audit trail
capability as the core system, and must be tested and validated in the same ways.
- Long-term financial viability. Because of the added regulatory requirements of a life
sciences company, the costs to change ERP systems are significantly more than for
other types of firms. It is important that the software is able to scale to support your
functional needs as you grow, but it is just as important that the software developer
be around to support and maintain the ERP software that you commit to.
Adverse Event
Reporting
In addition to the
functions of "traditional
ERP", Merit provides
the function required
by the FDA to track
information related to
adverse events and to
file FDA Form 3500A.
Adverse Event Reporting
provides the capability to
track all adverse events,
maintain a database of
those events including
disposition information,
and produce the required
FDA reporting documents
associated with adverse
events. Features include:
- Provides a central,
secure and controlled
system for tracking,
analyzing and
reporting on adverse
events.
- Operates seamlessly
with Merit Solutions
Audit Trails. All
changes to adverse
event records are
tracked, recorded
and maintained in
accordance with
FDA 21 CFR Part 11
requirements.
- Produces form 3500A.
- Enables analysis of
disposition and trend
information for all
adverse events.
Summary
As a mid-sized life science company you have most of the same business requirements
and all the same regulatory issues as the largest life science companies. However, you
have fewer resources at your disposal to address these issues. The reality is that only a
few ERP vendors have proven that they can serve the needs of the mid-sized life science
market.
The mid-sized life science company needs to balance the ability of ERP systems with
both economic restrictions and alternative, human based, approaches to satisfy
their requirements. Larger companies can justify levels of automation that are not
economically sound to the mid-sized company because the larger company can extend
a solution over many business units and higher business volumes. Therefore, systems
that have proven effective for larger companies are often inappropriate for the mid-sized
company.
This paper serves as a starting point for the process of evaluating your needs, fatal flaws
and decision criteria.
The mid-sized life science company searching for a business solution is urged to place
the solution from Microsoft Great Plains and Merit Solutions on their short list. We find
the solution to be:
- Complete
- Appropriate for the mid-sized life science company
- Well-supported
- Provided by a stable vendor
The mid-sized life science
company needs to balance
the ability of ERP systems
with both economic
restrictions and alternative,
human based, approaches
to satisfy their requirements.
Appendix
Compliance Defined
The FDA's public health protection role and defined mission include ensuring that
"human and veterinary drugs are safe and effective; there is reasonable assurance of the
safety and effectiveness of devices intended for human use." Today, the need to audit
processes concerned with human health has become an even greater issue in light of
current fears of bioterrorism.
To ensure that Life Science Products are produced in a way that supports its mission,
the FDA has defined Good Manufacturing Practices (GMPs). Originally, GMPs were based
upon the best practices of the industry. As technology and practices improved, the GMPs
evolved as well. In the U.S., drug GMPs were formally introduced in 1963 and significantly
rewritten in the 1970s.
GMPs define a quality system that manufacturers use as they build quality into their
products. For example, approved drug products developed and produced according to
GMPs are safe, properly identified, of the correct strength or potency, pure, and of high
quality. At a high level, GMPs address:
- Proper design, maintenance and cleaning of equipment and facilities
- The development and approval of SOPs
- The need for an independent quality unit (like quality control and/or quality
assurance)
- Qualifications and training for personnel and management
GMPs are defined as regulations that describe the methods, equipment, facilities, and
controls required for producing. These regulations are found in the Congressional Federal
Register (CFR) 21 in the following parts:
- Human pharmaceutical products and veterinary products (21 CFR 210-211)
- Biologically derived products (21 CFR 600 and 21 CFR 620)
- Medical devices (21 CFR 820)
- Processed food (21 CFR 100)
(See http://www.fda.gov/cder/dmpq/cgmpregs.htm for current regulations)
In addition, 21 CFR Part 11 specifies further controls for electronic records and electronic
signatures.
The set of regulations that is currently in effect is called Current Good Manufacturing
Practices or "cGMPs," emphasizing that they are dynamic.
The following parts are of special interest for pharmaceutical products:
- Part 210 Current Good Manufacturing Practice In Manufacturing, Processing,
Packing, Or Holding Of Drugs; General
- Part 211 Current Good Manufacturing Practice For Finished Life Science
Products
- Part 11 Electronic Records; Electronic Signatures
As automation began to replace paper-based systems, Congress feared a loss of
documented control over safe pharmaceutical production processes. With an initial focus
on medical devices and life science products, Congress mandated a verifiable, trackable
plan that would allow digital signatures and automated audit trails to replace the volumes
of regulatory paper work. This plan was published as 21 CFR Part 11, simply known as
"Part 11." The impact of Part 11 on manufacturers will be great as or greater than the
Y2K issue.
Part 11 is a loosely written regulation that intends to add a layer of security to the
production processes of the pharmaceutical industry through audits and authorized signoffs.
Part 11 is not mandatory. It is called into play if a company chooses to use electronic
records. A company may decide to stay with paper-based records and in that case, Part
11 does not apply.
GMPs change formally and informally. The U.S. medical device GMPs were formally
changed when Congress rewrote them, making them more compatible with the ISO-9001
quality document. The medical devices GMPs were then renamed to the Quality System
Regulation (QSR).
Changes also come about through the evolving expectations of inspectors. In the
U.S., these changes are communicated through agency guides and guidelines and by
presentations and papers presented by FDA personnel. More informally, cGMPs evolve
as new practices become "feasible and valuable." One other way industry personnel
can keep track of changes in expectations is by watching the FDA-483s (inspectional
observations: http://www.fda.gov/ora/frequent/default.htm) and Warning Letters issued
to firms by the agency (http://www.fda.gov/foi/warning.htm).
Life sciences manufacturers will see increased attention to their systems as the
estimated 700 FDA inspectors trained in computer systems and Part 11 become
available.
Although the FDA does a thorough job of setting forth regulations, these regulations
should be viewed as a set of guidelines, not as an absolute statement of requirements.
The FDA, compliance executives, lawyers and others interpret the regulations in a
variety of ways depending on a number of factors including the product produced, the
manufacturing processes used, and the risk involved.
Does cGMP Impact Your Company?
Does cGMP apply to you? If you manufacture human pharmaceutical products,
veterinary, biologically derived products or medical devices, you need to understand
and comply with cGMPs. If these products are manufactured outside the U.S. but are
marketed domestically, these rules apply. (For a list of regulated products, see lifesciencecioforum.com/products_regulated.htm
Does Part 11 apply to you? Congress has mandated that the manufacture of drugs
and medical devices - products with the potential of causing physical harm - require
audit trails and digital signatures. Nutraceuticals, biologics, companies involved in bone
extensions, body part harvesting, blood banks, skin graphs, and others are currently
excluded.
Most assume that cosmetics and food and beverages will soon be added to the list of
affected industries. Debate is ongoing as to the appropriateness of pharmaceutical
regulations in food and beverage. The debate is not about the need for more control; the
debate is about whether this is the right set of regulations.
For contract manufacturers of drug and medical devices, compliance should be regarded
as a competitive weapon. Patent holders are exposed to risk from non-compliant contract
manufacturers and will look more favorably upon sources that meet the patent holders'
definition of appropriate compliance.
About the Author
Olin Thompson is a principal of Process ERP Partners. He has over 25 years experience
as an executive in the software industry. Olin has been called "the Father of Process ERP."
He is a frequent author and an award-winning speaker on topics of gaining value from
ERP, SCP, e-commerce and the impact of technology on industry. He can be reached
at Olin@ProcessERP.com.
About Microsoft Business Solutions
Microsoft Business Solutions, a business group of Microsoft, offers a wide range of
integrated, end-to-end business applications and services designed to help small,
midmarket and corporate businesses become more connected with customers,
employees, partners and suppliers. Microsoft Business Solutions applications optimize
strategic business processes across financial management, analytics, human resources
management, project management, customer relationship management, field service
management, supply chain management, e-commerce, manufacturing and retail
management. The applications are designed to provide insight to help customers
achieve business success. More information about Microsoft Business Solutions
can be found at www.microsoft.com/dynamics/default.mspx.
Table of Contents
- Forward
- Table of Contents
- Mid-Market Life Science Enterprise Realities
- Part 11, Opportunity Or Challenge?
- Compliance Strategy
- Cost vs. Risk
- People vs. Systems
- Understanding Vendors
- Potential Fatal Flaws - Compliance and Software
- Part 11
- cGMP
- cGMP - Security
- cGMP - Transactions
- cGMP - Recall/ Lot Tracking
- cGMP - Proof of Compliance
- What Your Software Vendor and/or Your System Integrator Should Supply Beyond Software
- Summary
- Appendix
- Compliance Defined
- Does cGMP Impact Your Company?